From 0001b2f84521ced7cbab976a670f3997d7a4dab0562c7372553354727134714c Mon Sep 17 00:00:00 2001 From: John Paul Adrian Glaubitz Date: Fri, 1 Nov 2024 08:19:57 +0000 Subject: [PATCH] - Add patch from Fedora to enforce use of legacy OpenSSL API + 0001-use-legacy-openssl-api.patch (bsc#1231686) OBS-URL: https://build.opensuse.org/package/show/security/AusweisApp?expand=0&rev=23 --- .gitattributes | 23 + .gitignore | 1 + 0001-fix-qml-error-with-qt6.6.patch | 51 ++ 0001-use-legacy-openssl-api.patch | 532 +++++++++++++++++++ 2.2.0.tar.gz | 3 + 2.2.1.tar.gz | 3 + 2.2.2.tar.gz | 3 + AusweisApp.changes | 764 ++++++++++++++++++++++++++++ AusweisApp.spec | 100 ++++ 9 files changed, 1480 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 0001-fix-qml-error-with-qt6.6.patch create mode 100644 0001-use-legacy-openssl-api.patch create mode 100644 2.2.0.tar.gz create mode 100644 2.2.1.tar.gz create mode 100644 2.2.2.tar.gz create mode 100644 AusweisApp.changes create mode 100644 AusweisApp.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes 
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/0001-fix-qml-error-with-qt6.6.patch b/0001-fix-qml-error-with-qt6.6.patch
new file mode 100644
index 0000000..58f1667
--- /dev/null
+++ b/0001-fix-qml-error-with-qt6.6.patch
@@ -0,0 +1,51 @@
+From d01d6ee97b7e1fbb804e12614004f9c5eab7fee3 Mon Sep 17 00:00:00 2001
+From: Lars Schmertmann
+Date: Thu, 11 Jul 2024 16:35:09 +0200
+Subject: [PATCH] Fix QML error with Qt 6.6.3
+
+Got QML warning: DetachedLogView.qml:16:2: Cannot override FINAL property
+---
+ .../qml/modules/FeedbackView/+desktop/DetachedLogView.qml | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml
+index 953a3766..db7e446a 100644
+--- a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml
++++ b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml
+@@ -12,8 +12,8 @@ import Governikus.View
+ Rectangle {
+ id: root
+
++ readonly property int controlRadius: 15
+ readonly property int horizontalPadding: 18
+- readonly property int radius: 15
+ readonly property int spacing: 10
+ readonly property int verticalPadding: 6
+
+@@ -55,7 +55,7 @@ Rectangle {
+ Layout.preferredWidth: 200
+ horizontalPadding: root.horizontalPadding
+ model: LogModel.logFileNames
+- radius: root.radius
++ radius: root.controlRadius
+ textStyle: logTextStyle
+ verticalPadding: root.verticalPadding
+
+@@ -64,7 +64,7 @@ Rectangle {
+ border.width: 1
+ color: Style.color.transparent
+ drawShadow: false
+- radius: root.radius
++ radius: root.controlRadius
+ }
+
+ onCurrentIndexChanged: LogModel.setLogFile(currentIndex)
+@@ -286,7 +286,7 @@ Rectangle {
+ Layout.minimumWidth: -1
+ borderWidth: 1
+ horizontalPadding: root.horizontalPadding
+- radius: root.radius
++ radius: root.controlRadius
+ spacing: root.spacing
+ tintIcon: true
+ verticalPadding: root.verticalPadding
diff --git a/0001-use-legacy-openssl-api.patch b/0001-use-legacy-openssl-api.patch
new file mode 100644
index 0000000..504ea93
--- /dev/null
+++ b/0001-use-legacy-openssl-api.patch
@@ -0,0 +1,532 @@
+From 360d75e9ac2977a99b3e45e0e472a0abb02655cf Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Thu, 4 Jul 2024 20:10:17 +0200
+Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch
+
+---
+ src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------
+ src/card/base/asn1/EcdsaPublicKey.h | 6 +-
+ src/card/base/pace/ec/EcdhGenericMapping.cpp | 15 ---
+ src/card/base/pace/ec/EcdhGenericMapping.h | 4 -
+ src/card/base/pace/ec/EcdhKeyAgreement.cpp | 7 -
+ src/card/base/pace/ec/EcUtil.cpp | 134 -------------------
+ src/card/base/pace/ec/EcUtil.h | 12 --
+ src/card/simulator/SimulatorCard.cpp | 45 +------
+ src/card/simulator/SimulatorCard.h | 4 -
+ src/card/simulator/SimulatorFileSystem.cpp | 9 --
+ src/card/simulator/SimulatorFileSystem.h | 4 -
+ 11 files changed, 2 insertions(+), 277 deletions(-)
+
+diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
+index ea07eda..0f19c11 100644
+--- a/src/card/base/asn1/EcdsaPublicKey.cpp
++++ b/src/card/base/asn1/EcdsaPublicKey.cpp
+@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) const
+ {
+ QSharedPointer group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
+@@ -209,8 +208,6 @@ QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) con
+ }
+
+
+-#endif
+-
+ QSharedPointer EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
+ {
+ return createKey(reinterpret_cast(pPublicPoint.constData()), static_cast(pPublicPoint.size()));
+@@ -239,7 +236,6 @@ QSharedPointer EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
+ return nullptr;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ const auto& group = createGroup(curveData);
+ if (group.isNull())
+ {
+@@ -275,39 +271,4 @@ QSharedPointer EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
+
+ return key;
+
+-#else
+- const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
+- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
+- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
+- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
+- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
+- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
+- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast(pPublicPointLength))
+- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast(mBasePoint->length))
+- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+- });
+-
+- if (params == nullptr)
+- {
+- qCCritical(card) << "Cannot set parameter";
+- return nullptr;
+- }
+-
+- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+- if (!EVP_PKEY_fromdata_init(ctx.data()))
+- {
+- qCCritical(card) << "Cannot init pkey";
+- return nullptr;
+- }
+-
+- EVP_PKEY* key = nullptr;
+- if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
+- {
+- qCCritical(card) << "Cannot fetch data for pkey";
+- return nullptr;
+- }
+-
+- return EcUtil::create(key);
+-
+-#endif
+ }
+diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
+index 36f768e..45f78ec 100644
+--- a/src/card/base/asn1/EcdsaPublicKey.h
++++ b/src/card/base/asn1/EcdsaPublicKey.h
+@@ -13,9 +13,7 @@
+ #include
+ #include
+
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+- #include
+-#endif
++#include
+
+
+ namespace governikus
+@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
+
+ [[nodiscard]] CurveData createCurveData() const;
+ [[nodiscard]] QSharedPointer createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ [[nodiscard]] QSharedPointer createGroup(const CurveData& pData) const;
+-#endif
+
+ public:
+ static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
+diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
+index 3e2d1d4..1a8e6a2 100644
+--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
++++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
+@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateLocalMappingData()
+
+ mLocalKey = EcUtil::generateKey(mCurve);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- return EcUtil::getEncodedPublicKey(mLocalKey);
+-
+-#else
+ return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mLocalKey.data()));
+
+-#endif
+ }
+
+
+@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
+ return false;
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- const QSharedPointer localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
+- const EC_POINT* localPubKey = localPubKeyPtr.data();
+-#else
+ const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
+-#endif
+ if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
+ {
+ qCCritical(card) << "The exchanged public keys are equal.";
+@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
+
+ QSharedPointer EcdhGenericMapping::createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- const auto& privKeyPtr = EcUtil::getPrivateKey(mLocalKey);
+- const BIGNUM* privKey = privKeyPtr.data();
+-#else
+ const BIGNUM* privKey = EC_KEY_get0_private_key(mLocalKey.data());
+-#endif
+
+ if (!privKey)
+ {
+diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
+index bdfa5a8..dea4bf0 100644
+--- a/src/card/base/pace/ec/EcdhGenericMapping.h
++++ b/src/card/base/pace/ec/EcdhGenericMapping.h
+@@ -22,11 +22,7 @@ class EcdhGenericMapping
+
+ private:
+ const QSharedPointer mCurve;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- QSharedPointer mLocalKey;
+-#else
+ QSharedPointer mLocalKey;
+-#endif
+
+ QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS);
+
+diff --git a/src/card/base/pace/ec/EcdhKeyAgreement.cpp b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
+index 0f0ae09..45c8a76 100644
+--- a/src/card/base/pace/ec/EcdhKeyAgreement.cpp
++++ b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
+@@ -96,15 +96,8 @@ KeyAgreement::CardResult EcdhKeyAgreement::performKeyExchange()
+ return {CardReturnCode::PROTOCOL_ERROR};
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey);
+-
+- const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey);
+- const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data();
+-#else
+ const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data()));
+ const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data());
+-#endif
+
+ // Make a copy of the terminal public key for later mutual authentication.
+ mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes);
+diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
+index 10db88f..5c0ff53 100644
+--- a/src/card/base/pace/ec/EcUtil.cpp
++++ b/src/card/base/pace/ec/EcUtil.cpp
+@@ -103,137 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer&
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey)
+-{
+- if (pKey.isNull())
+- {
+- qCCritical(card) << "Cannot use undefined key";
+- return nullptr;
+- }
+-
+- uchar* key = nullptr;
+- const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
+- const auto guard = qScopeGuard([key] {
+- OPENSSL_free(key);
+- });
+-
+- return length > 0 ? QByteArray(reinterpret_cast(key), static_cast(length)) : QByteArray();
+-}
+-
+-
+-QSharedPointer EcUtil::getPrivateKey(const QSharedPointer& pKey)
+-{
+- BIGNUM* privKey = nullptr;
+- EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
+- return EcUtil::create(privKey);
+-}
+-
+-
+-QSharedPointer EcUtil::create(const std::function& pFunc)
+-{
+- OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
+- const auto guard = qScopeGuard([bld] {
+- OSSL_PARAM_BLD_free(bld);
+- });
+-
+- if (bld == nullptr)
+- {
+- qCCritical(card) << "Cannot create parameter builder";
+- return nullptr;
+- }
+-
+- if (OSSL_PARAM* params = nullptr;
+- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
+- {
+- static auto deleter = [](OSSL_PARAM* pParam)
+- {
+- OSSL_PARAM_free(pParam);
+- };
+-
+- return QSharedPointer(params, deleter);
+- }
+-
+- qCCritical(card) << "Cannot create parameter";
+- return nullptr;
+-}
+-
+-
+-QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve)
+-{
+- if (pCurve.isNull())
+- {
+- qCCritical(card) << "Curve is undefined";
+- return nullptr;
+- }
+-
+- auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
+-
+- auto order = EcUtil::create(BN_new());
+- if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
+- {
+- qCCritical(card) << "Cannot fetch order";
+- return nullptr;
+- }
+-
+- auto cofactor = EcUtil::create(BN_new());
+- if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
+- {
+- qCCritical(card) << "Cannot fetch cofactor";
+- return nullptr;
+- }
+-
+- auto p = EcUtil::create(BN_new());
+- auto a = EcUtil::create(BN_new());
+- auto b = EcUtil::create(BN_new());
+- if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
+- {
+- qCCritical(card) << "Cannot fetch a, b or p";
+- return nullptr;
+- }
+-
+- const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
+- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
+- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
+- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
+- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
+- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
+- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast(generator.size()))
+- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+- });
+-
+- if (params == nullptr)
+- {
+- qCCritical(card) << "Cannot set parameter";
+- return nullptr;
+- }
+-
+- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+- if (!ctx)
+- {
+- qCCritical(card) << "Cannot create EVP_PKEY_CTX";
+- return nullptr;
+- }
+- EVP_PKEY_keygen_init(ctx.data());
+-
+- if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
+- {
+- qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
+- return nullptr;
+- }
+-
+- EVP_PKEY* key = nullptr;
+- if (!EVP_PKEY_generate(ctx.data(), &key))
+- {
+- qCCritical(card) << "Cannot create EVP_PKEY";
+- return nullptr;
+- }
+-
+- return EcUtil::create(key);
+-}
+-
+-
+-#else
+ QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve)
+ {
+ if (pCurve.isNull())
+@@ -257,6 +126,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer&
+
+ return key;
+ }
+-
+-
+-#endif
+diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
+index b575341..f7db521 100644
+--- a/src/card/base/pace/ec/EcUtil.h
++++ b/src/card/base/pace/ec/EcUtil.h
+@@ -32,9 +32,7 @@ class EcUtil
+
+ static QSharedPointer create(EC_GROUP* pEcGroup);
+
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ static QSharedPointer create(EC_KEY* pEcKey);
+-#endif
+
+ static QSharedPointer create(EC_POINT* pEcPoint);
+
+@@ -44,14 +42,7 @@ class EcUtil
+
+ static QSharedPointer create(EVP_PKEY_CTX* pEcGroup);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- static QByteArray getEncodedPublicKey(const QSharedPointer& pKey);
+- static QSharedPointer getPrivateKey(const QSharedPointer& pKey);
+- static QSharedPointer create(const std::function& pFunc);
+- static QSharedPointer generateKey(const QSharedPointer& pCurve);
+-#else
+ static QSharedPointer generateKey(const QSharedPointer& pCurve);
+-#endif
+
+ static QSharedPointer createCurve(int pNid);
+ };
+@@ -68,7 +59,6 @@ inline QSharedPointer EcUtil::create(EC_GROUP* pEcGroup)
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ inline QSharedPointer EcUtil::create(EC_KEY* pEcKey)
+ {
+ static auto deleter = [](EC_KEY* ecKey)
+@@ -80,8 +70,6 @@ inline QSharedPointer EcUtil::create(EC_KEY* pEcKey)
+ }
+
+
+-#endif
+-
+ inline QSharedPointer EcUtil::create(EC_POINT* pEcPoint)
+ {
+ static auto deleter = [](EC_POINT* ecPoint)
+diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
+index 87491d7..2da83b1 100644
+--- a/src/card/simulator/SimulatorCard.cpp
++++ b/src/card/simulator/SimulatorCard.cpp
+@@ -22,9 +22,7 @@
+ #include
+ #include
+ #include
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+- #include
+-#endif
++#include
+
+
+ using namespace governikus;
+@@ -369,12 +367,8 @@ ResponseApduResult SimulatorCard::executeGeneralAuthenticate(const CommandApdu&
+ mPaceTerminalKey = cmdData.getData(V_ASN1_CONTEXT_SPECIFIC, ASN1Struct::PACE_EPHEMERAL_PUBLIC_KEY);
+
+ auto asn1KeyAgreement = newObject();
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- const auto& encodedPublicKey = EcUtil::getEncodedPublicKey(mCardKey);
+-#else
+ const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
+ const auto& encodedPublicKey = EcUtil::point2oct(curve, EC_KEY_get0_public_key(mCardKey.data()));
+-#endif
+ Asn1OctetStringUtil::setValue(encodedPublicKey, asn1KeyAgreement->mEphemeralPublicKey);
+ responseData = encodeObject(asn1KeyAgreement.data());
+ break;
+@@ -461,42 +455,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
+ return QByteArray();
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
+- if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
+- {
+- qCCritical(card_simulator) << "Initialization of the terminal key failed";
+- return QByteArray();
+- }
+- if (!EVP_PKEY_set1_encoded_public_key(
+- terminalKey.data(),
+- reinterpret_cast(pPoint.data()),
+- static_cast(pPoint.length())))
+- {
+- qCCritical(card_simulator) << "Interpreting the terminal key failed";
+- return QByteArray();
+- }
+-
+- const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
+- size_t resultLen = 0;
+- if (EVP_PKEY_derive_init(ctx.data()) <= 0
+- || EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
+- || EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
+- {
+- qCCritical(card_simulator) << "Initialization or calculation of the result failed";
+- return QByteArray();
+- }
+-
+- QByteArray result(static_cast(resultLen), '\0');
+- if (EVP_PKEY_derive(ctx.data(), reinterpret_cast(result.data()), &resultLen) <= 0)
+- {
+- qCCritical(card_simulator) << "Calculation of the result failed";
+- return QByteArray();
+- }
+-
+- return result;
+-
+-#else
+ const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
+ auto point = EcUtil::oct2point(curve, pPoint);
+ if (!point)
+@@ -515,7 +473,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
+
+ return EcUtil::point2oct(curve, result.data(), true);
+
+-#endif
+ }
+
+
+diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
+index b709d17..23f858b 100644
+--- a/src/card/simulator/SimulatorCard.h
++++ b/src/card/simulator/SimulatorCard.h
+@@ -35,11 +35,7 @@ class SimulatorCard
+ QSharedPointer mPaceChat;
+ QByteArray mPaceNonce;
+ QByteArray mPaceTerminalKey;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- QSharedPointer mCardKey;
+-#else
+ QSharedPointer mCardKey;
+-#endif
+ QSharedPointer mTaAuxData;
+
+ public:
+diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
+index 122ca4f..046d540 100644
+--- a/src/card/simulator/SimulatorFileSystem.cpp
++++ b/src/card/simulator/SimulatorFileSystem.cpp
+@@ -327,11 +327,7 @@ QByteArray SimulatorFileSystem::getEfCardAccess() const
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const
+-#else
+ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const
+-#endif
+ {
+ if (!mKeys.contains(pKeyId))
+ {
+@@ -347,13 +343,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const
+ return nullptr;
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- return privateKey;
+-
+-#else
+ return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
+
+-#endif
+ }
+
+
+diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
+index cb9704b..44d4054 100644
+--- a/src/card/simulator/SimulatorFileSystem.h
++++ b/src/card/simulator/SimulatorFileSystem.h
+@@ -38,11 +38,7 @@ class SimulatorFileSystem
+ [[nodiscard]] StatusCode write(qsizetype pOffset, const QByteArray& pData);
+
+ [[nodiscard]] QByteArray getEfCardAccess() const;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+- [[nodiscard]] QSharedPointer getKey(int pKeyId) const;
+-#else
+ [[nodiscard]] QSharedPointer getKey(int pKeyId) const;
+-#endif
+
+ [[nodiscard]] StatusCode verify(const Oid& pOid, const QSharedPointer& pAuxiliaryData) const;
+
+--
+2.45.2
+
diff --git a/2.2.0.tar.gz b/2.2.0.tar.gz
new file mode 100644
index 0000000..e2d8784
--- /dev/null
+++ b/2.2.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c68c710d4608aa73ff22e513298d7e05462eb6123ea083e029205599828175dd
+size 5923990
diff --git a/2.2.1.tar.gz b/2.2.1.tar.gz
new file mode 100644
index 0000000..358f993
--- /dev/null
+++ b/2.2.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e2786f4818d77c364eb8a6305b9313411d984b6774d9a49564306f10d663f0fe
+size 5929111
diff --git a/2.2.2.tar.gz b/2.2.2.tar.gz
new file mode 100644
index 0000000..075be1d
--- /dev/null
+++ b/2.2.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f8547d54dd10425a24b1390c54b0f5198a77166b4c8771078626d5b8a42f8f99
+size 5943648
diff --git a/AusweisApp.changes b/AusweisApp.changes
new file mode 100644
index 0000000..1104ef1
--- /dev/null
+++ b/AusweisApp.changes
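Review bot: The added `0001-use-legacy-openssl-api.patch` gives no reason for what it does: its header is only the subject `AusweisApp2-2.0.1-use-legacy-openssl-api.patch` with an empty body, while the diff deletes every `OPENSSL_VERSION_NUMBER >= 0x30000000L` branch in the PACE key agreement, `EcUtil`, `EcdsaPublicKey` and simulator code and leaves only the `EC_KEY_*` calls, which OpenSSL 3 marks as deprecated. Because this moves key generation and ECDH in an eID client off the EVP path that upstream provides for OpenSSL 3.x, the patch header should record the reason (the changelog cites bsc#1231686), the upstream release it was last rebased on (the name still says 2.0.1, the newest tarball added here is 2.2.2) and the condition for dropping it, for example `Force the pre-3.0 EC_KEY code path; see bsc#1231686. Rebased on <upstream version>. Drop once <condition>.` The spec file is outside this view, so whether the build runs upstream's tests against the patched code cannot be confirmed here and is worth checking.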
@@ -0,0 +1,764 @@ +------------------------------------------------------------------- +Fri Nov 1 08:19:20 UTC 2024 - John Paul Adrian Glaubitz + +- Add patch from Fedora to enforce use of legacy OpenSSL API + + 0001-use-legacy-openssl-api.patch (bsc#1231686) + +------------------------------------------------------------------- +Wed Oct 23 13:41:45 UTC 2024 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.2.2 + - Visual adjustments and optimization of the graphical user interface. + - Optimization of accessibility and keyboard operability. + - Addition of the Android ABIs armeabi-v7a and x86_64 in addition to + arm64-v8a in the SDK. + +------------------------------------------------------------------- +Wed Sep 11 10:20:37 UTC 2024 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.2.1 + - Visual adjustments and optimization of the graphical user interface. + - Optimization of accessibility and keyboard usability. + - Prevention of the display of external content in + the graphical user interface. + - Support for smartphones with Android 15 where + optimized memory management has been activated. + - Support for 16 KB page sizes on Android. + - Stabilization of the iOS SDK during fast restarts. + - Correction of the behavior when using Qt 6.6.3. + - Avoidance of a log file within the container in the container SDK. + - Update of the Android NDK to r27b (27.1.12297006). + - Update of the Android SDK Platform to Android 15 (API level 35). + - Update of OpenSSL to version 3.3.2. 
+- Drop patches for issues fixed upstream + + 0001-fix-qml-error-with-qt6.6.patch + +------------------------------------------------------------------- +Fri Jul 19 11:44:15 UTC 2024 - John Paul Adrian Glaubitz + +- Add missing libQt6Svg6 runtime dependency to Requires + +------------------------------------------------------------------- +Fri Jul 12 13:24:10 UTC 2024 - John Paul Adrian Glaubitz + +- Cherry-pick upstream patch to fix QML error with Qt 6.6 + + 0001-fix-qml-error-with-qt6.6.patch + +------------------------------------------------------------------- +Fri Jul 5 11:30:50 UTC 2024 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.2.0 + - Visual adjustments and optimization of the graphical user interface. + - Display of the old and new device name when using "Smartphone as card + reader" if the name of a device has changed. + - An information page has been added at the end of an authentication before + forwarding to the service provider. + - Increased the time allowed to respond to card commands on Android to support + badges that have switched to a safe slow mode after too many incorrect CAN entries. + - Improved accessibility options. + - Support for Android 8 has been discontinued. + - The "Smartphone as card reader" function now requires at least version 2.1.0. + - Support for ChromeOS has been added. + - Support for key lengths smaller than 3000 bits has been discontinued. + - Changelog added to the documentation for the SDK. + - Functional extension of the SDK (see changelog). + - Update of Qt to version 6.7.2. + - Update of OpenSSL to version 3.3.1. + +------------------------------------------------------------------- +Thu Apr 11 08:16:20 UTC 2024 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.1.1 + - Visual adjustments and optimization of the graphical user interface. + - Fixed rarely occurring problems in connection with the browser used. + - Textual adjustments. 
+ - Fixed READER messages in the SDK when using unknown cards or when + the connection to the card is unstable. + +------------------------------------------------------------------- +Thu Feb 29 14:15:15 UTC 2024 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.1.0 + - Visual adjustments and optimization of the graphical user interface. + - Improved detection of system language on macOS. + - Removed the five minutes time limit for password + entry when the ID card is placed on the reader. + - Fixed display of changed device names when using "Smartphone as card reader". + - Add an option to disable animations. + - Fixed the behavior of "Smartphone as card reader" + with activated password entry when using a PUK. + - Fixed of the connection test with a password-protected + proxy in the diagnostics on desktop systems. + - Drop support for macOS 11 Big Sur. + - Fixed processing of certificates with CAv3 extension. + - Unified documentation for installation and integration. + - Update of OpenSSL to version 3.1.5. + +------------------------------------------------------------------- +Fri Jan 19 10:44:24 UTC 2024 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.0.3 + - Fixed crash on macOS 11. + - Fixed missing German translation. + - Fixed display of release notes. + +------------------------------------------------------------------- +Sat Jan 13 11:49:15 UTC 2024 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.0.2 + - Avoid showing hints to the PIN reset service. +- Pass original source tree name to %setup macro +- Use original source tree name in %install section + +------------------------------------------------------------------- +Wed Nov 15 07:45:17 UTC 2023 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.0.1 + - Fixed an issue where settings were not saved on iOS and macOS. + - Fixed entitlements on macOS. 
+ +------------------------------------------------------------------- +Tue Nov 7 15:41:37 UTC 2023 - John Paul Adrian Glaubitz + +- New upstream release + + Version 2.0.0 + - Renamed AusweisApp2 to AusweisApp. + - Completely revised graphical user interface. + - Dark mode is now supported on all platforms. + - The display in landscape mode has been + optimized and is now set automatically. + - System font and size are now honored by the app. + - Optimized usability of the title bar. + - Online help is no longer available. + - The provider list is no longer integrated in AusweisApp + but can now be accessed via the AusweisApp website. + - History of authentication processes has been removed. + - The PDF export function for personal data has been removed. + - macOS Catalina 10.15 is no longer supported. + - Android 7 is no longer supported. + - iOS 13 is no longer supported. + - Updated Qt to version 6.5.3. + - Updated OpenSSL to version 3.1.4. +- Pass adjusted source tree name to %setup macro +- Use adjusted source tree name in %install section +- Rename package from AusweisApp2 to AusweisApp +- Drop patches for issues fixed upstream + + 0001-fix-ftbfs-with-qt6.6.patch + + 0002-update-qml-for-qt6.6.patch + +------------------------------------------------------------------- +Tue Oct 17 08:55:19 UTC 2023 - John Paul Adrian Glaubitz + +- Add patch to fix FTBFS with Qt 6.6 + + 0001-fix-ftbfs-with-qt6.6.patch +- Add patch to update QML for Qt 6.6 + + 0002-update-qml-for-qt6.6.patch + +------------------------------------------------------------------- +Tue Aug 1 11:45:15 UTC 2023 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.26.7 + - Fixed possible crash during start-up on Android + + from version 1.26.6 + - Fixed possible crash during start-up on Android + +------------------------------------------------------------------- +Wed Jul 26 11:37:46 UTC 2023 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.26.5 + - Reworked the 
pairing process when using a smartphone as card reader. + Both devices involved in pairing must be updated to version 1.26.5. + Pairing AusweisApp 1.26.5 with older versions is not supported. + - Progress is now also shown on the smartphone when using it as a card reader. + - Enabled keyboard mode by default when using smartphone as a card reader. + - When using keyboard mode on a smartphone as a card reader, showing the + permissions can now be re-enabled in settings at any time. + - Added a monochrome icon on Android. + - Added handling for + on macOS. + - Removed the update function on macOS in favor of the Mac App Store. + - Minor bug fixes and optimizations. + - Fixed documentation for installation in corporate networks + on macOS when configuring the setup wizard. + - Optimized the size of the Android SDK. + - Updated OpenSSL to version 3.0.9. +- Add qt6-core-private-devel to BuildRequires + +------------------------------------------------------------------- +Sat Apr 29 09:03:40 UTC 2023 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.26.4 + - Improved window management on macOS. + - Minor bug fixes and optimizations. + - Changed INTERRUPT to not always display an error icon. + - Enabled "Access-Control-Allow-Private-Network" + header to be set during status requests. + - Changed CHANGE_PIN to return a FailureCode. + - Fixed a crash with AirPlay in the iOS SDK. + - Fixed private icons in the iOS SDK. + - Added simulator support for explicit private keys as parameters. + - Fixed cancel button in the iOS scan dialog of + the SDK not cancelling the workflow. + +------------------------------------------------------------------- +Thu Mar 9 23:31:05 UTC 2023 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.26.3 + - Improvement of help and tutorial texts. + - Improvements in diagnostics. + - Fix an error in the NFC dialog on iOS. + - Improved accessibility when entering PIN, CAN and PUK. 
+ - Introduction of unique FailureCodes in SDK. + - Added the environment variable AUSWEISAPP2_AUTOMATIC_DEVELOPERMODE + in the fully automated SDK. + - Fixed incorrect progress display in SDK for iOS. + - Added SECURESCREENKEYBOARD for corporate environments. + - Bumped TargetSDK to 33 in SDK for Android. + - Update of OpenSSL to version 3.0.8. + +------------------------------------------------------------------- +Sun Feb 5 20:05:56 UTC 2023 - Marcus Meissner + +- switch to generic openssl-devel to allow openssl-3 + +------------------------------------------------------------------- +Mon Jan 23 09:29:26 UTC 2023 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.26.2 + - Fixed notification when another application is running on the port in use. + - Fixed crashes on Android. + - Optimization of forwarding to "CommunicationErrorAddress" on iOS. + - Improved installation of the proxy service for terminal server environments. + - Fixed the setting for the setup wizard when installing in corporate networks. + +------------------------------------------------------------------- +Sun Dec 18 17:25:08 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.26.1 + - Fixed the loss of settings on Android. + - Fixed the use of non-public or deprecated APIs + on macOS to comply with App Store Guidelines. + + from version 1.26.0 + - Support for macOS 13. + - Support for Windows Server 2016 (version 1607). + - Support for Windows Server 2019. + - Support for Windows Server 2022. + - A proxy service is now available for multi-user operation in terminal + server environments. Details can be found in the document "Guide To + Installation In Corporate Networks". + - Fixed crashes on Android. + - The iOS SDK now supports the arm64 simulator. + - Updated OpenSSL to version 3.0.7. + - Updated Qt to version 6.4.1. 
+ +------------------------------------------------------------------- +Wed Nov 9 07:46:43 UTC 2022 - ecsos + +- Add BuildRequires, so it can also build for Leap >= 15.4. + +------------------------------------------------------------------- +Wed Nov 2 20:53:59 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.24.4 + * Fixed potential crashes due to OpenSSL (denial of service). + * Updated OpenSSL to version 3.0.7. + +------------------------------------------------------------------- +Sat Oct 29 23:27:58 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.24.3 + * Fixed crashes on Android. + * Disabled (cloud) backup on Android and iOS. + * Fixed the A11y display of the SaK pairing code on Android and iOS. + * Blocked installation on unsupported versions of Windows 10. + * Fixed compatibility with Qt 6.4. + * Enabled the simulator in the Android and iOS SDK. +- Upgrade Qt build and runtime dependencies for Qt6 + + Add Qt6 packages to BuildRequires + * qt6-concurrent-devel + * qt6-core-devel + * qt6-linguist-devel + * qt6-network-devel + * qt6-qml-devel + * qt6-qmlworkerscript-devel + * qt6-quick-devel + * qt6-quickcontrols2-devel + * qt6-shadertools-devel + * qt6-statemachine-devel + * qt6-svg-devel + * qt6-websockets-devel + + Drop all Qt5 packages from BuildRequires and Requires +- Run spec-cleaner + +------------------------------------------------------------------- +Wed Sep 7 07:39:34 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.24.2 + * Fixed crashes on Android. + * Fixed a bug with changing the transport PIN on desktop systems. + +------------------------------------------------------------------- +Mon Sep 5 10:54:45 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.24.1 + * Support for the Russian and Ukrainian languages has been added. + * Fixed some issues with regards to PersoSim. 
+ +------------------------------------------------------------------- +Thu Aug 18 06:33:28 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.24.0 + * Technical overhaul of the "Smartphone as card reader" function. + The use of an ID card app2 older than 1.22.1 is no longer possible + in combination with 1.24.0. + * Various optimizations with regards to accessibility. + * Support for "IPv6 only" home networks. + * AusweisApp2 is now provided as a 64-bit application on Windows. + * Official support for Windows 11. + * Support for Windows 7 and Windows 8.1 has been discontinued. + * Support for macOS 10.13 and 10.14 has been discontinued. + * Support for Android 5 and 6 and has been discontinued. + * Added an integrated ID card simulator for testing. + * An automatic mode for authentication for tests is now possible. + * AusweisApp2 is now available as a container SDK or Docker image. This + can be controlled using WebSocket or the new automatic authentication. + * Command line parameters can now be passed in the iOS SDK. + * Support for SHA224 and SECP224 has been discontinued. + * The partially-embedded SDK on Android has been discontinued. + * The SDK now uses API level v2. + * Updated OpenSSL to version 3.0.5. + * Updated Qt to version 6.3.1. + +------------------------------------------------------------------- +Sat May 28 07:37:37 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.22.7 + * Fixed a crash with the new system notifications on macOS 10.14+. + +------------------------------------------------------------------- +Sat May 21 15:10:09 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.22.6 + * Problems with card communication when using the "Smartphone as + card reader" function in Comfort mode have been fixed. + * Starting with macOS 10.14, system notifications are now being used. + * On macOS, the tray icon is now disabled by default. 
+ This can be re-enabled in the preferences. + * On iOS, a new NFC scan was not possible under certain + circumstances. This has been fixed. + * When canceling an authentication, the app sometimes crashed + on iOS. This has been fixed. + * Minor bug fixes and optimizations. + * Updated OpenSSL to version 1.1.1o. + +------------------------------------------------------------------- +Fri Apr 15 19:45:41 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.22.5 + * Update of the release notes has been corrected. + * On Windows 10, the window size is no longer + changed after a language change. + * Minor bug fixes and optimizations. + * Under certain circumstances it was possible that + the SDK did not send an INSERT_CARD message. + * Update of OpenSSL to version 1.1.1n. + +------------------------------------------------------------------- +Fri Feb 18 06:36:02 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.22.4 + * Fixed a random startup crash on Windows. + * The reminder to change the transport PIN is no longer + displayed for the PIN reset service or on-site readout. + * Fixed the "Report a bug" feature on Android 12. + * Fixed an issue where the iOS NFC dialog was displayed + longer than necessary. + * Under certain conditions it was possible that a workflow + could not be started because a previous workflow had not + been completed. + * Minor bug fixes and optimizations. + * If AusweisApp2 was started just as an SDK on Windows, the + path of the AutoStart entry in the registry was rewritten + nevertheless. This has been fixed. + * The libraries can now be built with MSVC 2022. + +------------------------------------------------------------------- +Thu Jan 20 08:12:17 UTC 2022 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.22.3 + * Added references to the PIN reset letter in suitable places. + * The expiration date is now shown in the self-identification dialog. + * Fixed Youtube links. 
+ * Removed unneccessary Qt clipboard access on Android. + * Fixed some dialogs being shown in the language of the operating system + instead of the language set in the app's preferences on macOS. + * Fixed crashes and incorrect behavior on Android 11. + * More information is displayed on a queried password when using + one of the Reiner SCT "komfort" series of card readers. + * Add support for macOS 12. + * Small fixes and improved accessibility. + * Added the "developerMode" parameter to the RUN_AUTH variable. + * Fixed a crash when using the --no-logfile and --keep options. + * The ShowUI parameter is now displayed on mobile devices. + * Update of OpenSSL to version 1.1.1m. + +------------------------------------------------------------------- +Wed Mar 31 18:57:29 UTC 2021 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.22.2 + * CyberJack RFID basis reader is working again on Windows. + * Automatic start of the setup wizard when running AusweisApp2 + for the first time on desktop systems is working again now. + * Fixed a bug in the self-idenfication dialog. + * Fixed some crashes. + * The Android SDK is now also made available on Maven Central + as JCenter has been discontinued. + * Support for authorization certificates with PIN management. + * Update of OpenSSL to version 1.1.1k. + +------------------------------------------------------------------- +Tue Mar 16 12:18:46 UTC 2021 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.22.1 + * The release notes are now displayed within the app. + * Improvements have been made to the display and reporting + of error messages within the mobile app. + * Fixed possible freezing of the app when checking the ID. + * The pairing of a smartphone can now be started directly. + * The mobile app now starts with the SaK view if this was + the last setting used. + * The smartphone function as a card reader can now always be + activated on iOS. + * Animations on iOS have been improved. 
+ * Minor bug fixes. + * In the SDK for iOS, the handleInterrupt parameter was added to + RUN_AUTH and RUN_CHANGE_PIN. Like the associated INTERRUPT command. + * In the SDK for iOS, parameters have been added for RUN_AUTH and + RUN_CHANGE_PIN, which allow messages to be displayed in the system + scan dialog. + * The following error is now returned in the SDK for an expired ID + card: DocumentValidityVerificationFailed + * Added support for the new protocol version for smartphones as card + readers in accordance with the supplement to BSI TR-03112 Part 6. + * A crash on Windows when pairing PersoSim has been fixed. + * Added support for PersoSim for Android with host card emulation. + * A possible infinite loop in the SDK for Android has been fixed. + * Update of OpenSSL to version 1.1.1j. +- Drop patches for issues fixed upstream + + 0001-fix-manpage-path.patch + +------------------------------------------------------------------- +Wed Dec 2 18:09:47 UTC 2020 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.22.0 + * PIN management has been revised. + * App navigation on iOS and Android harmonized. The sidebar on Android has + been removed and replaced with a bar at the bottom of the screen. + * The "Help" area has been revised and restructured on all platforms. + The software licenses can now be viewed within the application. + * A new start page has been added on Android and iOS. + * A function test can now be carried out on Android and iOS via the + entry "Check device and ID card" on the start page. + * Auxiliary animations have been added to Android and iOS to + clarify possible positions for placing the ID card. + * The one-off notice that the transport PIN must be changed + has been added to Android and iOS. + * Option entry and query for the permission "local network access" has been + added on iOS 14. This is necessary for using a smartphone as a card reader. + * AusweisAppp2 can now be installed on macOS via the App Store. 
Updates that + appear in the future can be obtained automatically through the store. + * The update mechanism on Windows has been revised. The download of the update + and the start of the installation are now carried out automatically when an + update is started. + * Support for the German eID card for Union citizens has been added. + * Support for macOS Sierra 10.12 has been discontinued. + * Support for Bluetooth card readers has been discontinued. + * Minor bug fixes. + * The SDK now supports changing the PIN. + * The SDK now supports displaying the permissions "PinManagement" and "CanAllowed". + * Update of OpenSSL to version 1.1.1h. + * Update of Qt to version 5.15.2. +- Add libQt5QuickTemplates2-devel to BuildRequires +- Add manpage to %files section +- Add patch to fix manpage installation path + + 0001-fix-manpage-path.patch + +------------------------------------------------------------------- +Thu Sep 3 11:31:04 UTC 2020 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.20.2 + * It is now possible to paste a PIN/CAN/PUK using the common methods of + the operating system in use, enabling the use of password managers. + * Fixed an issue on Android 9 and older which prevented switching the + screen to the WiFi settings on some devices. + * Some help texts have been improved. + * A tooltip has been added to the Windows installer for the firewall settings. + * Search performance in the provider screen has been improved. + * Fixed an issue on Android where an error message was shown incorrectly when + the ID card was presented to the card reader before starting authentication. + * Display fonts have been improved on OnePlus devices. + * On macOS, the app will now use the integrated graphics adapter if possible. + * Small bug fixes. + * Support for Android NDK 21.3 and SDK cmdline-tools 2.1 has been added. + * Fixed a compatibility issue with Qt 5.10. 
+ * Fixed an issue where an incorrect text was shown in comfort mode when using + a smartphone with the CAN-allowed function. + * Fixed an issue on Android where the feedback screen was incorrectly shown + after using the external SDK. + * Documentation for the integrated SDK on Android has been extended to include + logging facilities and App Bundles. + * Use of more inclusive terminology, the terms "blacklist" and "suppressions" + have been removed or renamed. + +------------------------------------------------------------------- +Wed Jun 24 21:17:59 UTC 2020 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.20.1 + * Password-protected proxy servers can now also be used from + the new user interface. + * A new option for mobile devices now allows switching between + portrait and landscape viewing mode. + * On Android, canceling the authentication process should now + be faster and the previously occurring crash was fixed. + * On Windows, a progress bar is now also shown during the + authentication process when using the new user interface. + * Small bug fixes. + * Enterprise installations using the MSI package have gained the possibility + to enable on-site-readout and providing a proxy configuration. + * The mobile app now allows enabling and disabling debug mode when retrieving + one's own personal ID data by tapping the magnifier icon ten times. + * Also in the mobile app, tapping the version number in the about dialog + ten times will now activate the advanced settings dialog which allows + one to enable the on-site-readout. +- Drop patches for issues fixed upstream + + 0001-disable-vendor-name.patch + + 0002-fix-desktop-icon-path.patch + +------------------------------------------------------------------- +Sat Jan 18 06:19:08 UTC 2020 - Ismail Dönmez + +- Add Requires on libqt5-qtgraphicaleffects and libqt5-qtquickcontrols2 + This is required for the new default QML interface to work. 
+ +------------------------------------------------------------------- +Wed Jan 15 22:57:12 UTC 2020 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.20.0 + * Introduce new graphical user interface for Windows and macOS + * The DMG image for macOS is now signed + * Support for screen readers on Android and iOS + * Adjust color contrast for better readability + * Optimize menu layout and introduce settings + panel on iOS and Android + * Optimize the functionality to use the smartphone as card reader + * Support for macOS 10.11 was dropped + * Support for x86 architecture on Android was dropped + * Small bug fixes + * Update OpenSSL to version 1.1.1d + * Update Qt to version 5.12.5 +- Add libqt5-qtdeclarative-devel and libQt5QuickControls2-devel + to BuildRequires, required for QML-based user interface +- Add patch to disable vendor name + + 0001-disable-vendor-name.patch +- Add patch to fix path to desktop icon + + 0002-fix-desktop-icon-path.patch +- Drop custom icon + + AusweisApp2.png +- Drop patches for issues fixed upstream + + 0001-fix-resource-file-path.patch + + 0002-fix-translation-files-path.patch + + 0003-disable-auto-updater.patch + + 0004-set-config-path.patch + + 0005-disable-qtquick.patch +- Improve grammar and semantics in Summary and %description +- Install npa_icon.png as desktop icon + +------------------------------------------------------------------- +Thu Dec 19 16:10:16 UTC 2019 - Dominique Leuenberger + +- BuildRequire pkgconfig(libudev) instead of libudev-devel: + Allow OBS to shortcut through the -mini flavors. 
+ +------------------------------------------------------------------- +Mon Oct 28 14:41:20 UTC 2019 - John Paul Adrian Glaubitz + +- Fix capitalization of URL field descriptor +- Remove unnecessary %defattr(-,root,root) from %files section +- Remove unnecessary %post and %postun targets + + Drop %desktop_database_post and %icon_theme_cache_post invocations + + Drop %desktop_database_postun and %icon_theme_cache_postun invocations +- Sort dependencies in BuildRequires +- Switch cmake builder to Ninja + + Add ninja to BuildRequires + + Define __builder as ninja in %build target + +------------------------------------------------------------------- +Sun Oct 20 10:27:41 UTC 2019 - John Paul Adrian Glaubitz + +- Use correct SPDX identifier in License field for EUPL-1.2 + +------------------------------------------------------------------- +Sun Oct 20 09:19:16 UTC 2019 - John Paul Adrian Glaubitz + +- Fix incorrect package name in spec file header +- Update copyright year to 2019 +- Use https connection in Bugzilla link + +------------------------------------------------------------------- +Sun Oct 20 08:57:29 UTC 2019 - John Paul Adrian Glaubitz + +- Remove extra LICENSE.txt from packaging source + +------------------------------------------------------------------- +Sat Oct 19 21:07:19 UTC 2019 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.18.2 + * Small bug fixes + * Updates to Info.plist file + + Version 1.18.1 + * Updates to Info.plist file + + Version 1.18.0 + * Enable NFC functionality for iOS 13 + * Small bug fixes + * Updated OpenSSL version to 1.1.1c + * Updated Qt version to 5.12.4 + * A compiler with C++17 support is now required +- Fix patch to set path to translation files + + 0002-fix-translation-files-path.patch +- Refresh patches for new version + + 0003-disable-auto-updater.patch +- Add patch to adjust path for config.json + + 0004-set-config-path.patch +- Add patch to disable QtQuick as it's currently broken + + 
0005-disable-qtquick.patch +- Disable building shared libraries + + Pass -DBUILD_SHARED_LIBS=off to cmake + + Remove any references for *.so files from %install and %files sections + + Remove generation of ld.conf.so configuration file + + Remove invocations to /sbin/ldconfig from %postin and %postun sections +- Install config.json into data directory +- Remove libQt5QuickControls2-devel from BuildRequires + +------------------------------------------------------------------- +Wed Jun 5 13:54:31 UTC 2019 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.16.2 + * The cancel dialog is no longer shown when switching into PIN + changing mode while in identification mode + * On Android, old log files are now purged automatically + * Smartphones that have been paired as card readers (SaK) are now shown as + available if the connection has been established automatically by the app + * Explanatory texts in the mobile app have been improved + * The mobile app no longer performs a browser redirect when turning the transport + PIN into a 6-digit custom PIN when in identfication mode + * The error dialog has gained the possibility to send an email to the AusweisApp2 + support team; it will ask the user now to include the application log and the + email automatically includes information about the system configuration as well + as the most recent critical error messages + * The integrated databases for supported cardreaders as well as online + services supporting the electronic personal ID card have been updated + * The version number of AusweisApp2 is no longer part of the installation + path on Windows to avoid issues with anti-virus software + * A bug that caused AusweisApp2 to crash in identification mode while + running in the background has been fixed + * Automatic detection of smartphones as card readers has been improved + * Automatic detection of card readers in diagnosis mode has been improved + * Other small bugs have been fixed + * The default 
logger can now be disabled with "–no-loghandler" + * Instructions for "Installing in company networks" have been extended + +------------------------------------------------------------------- +Wed Jan 9 21:04:52 UTC 2019 - John Paul Adrian Glaubitz + +- New upstream release + + Version 1.16.1 + * Deactivated automatic clean-up of old log files as + that could cause a crash in version 1.16.0 + + Version 1.16.0 + * Small bug fixes + * Added a tutorial to aid usage on Android devices + * Dropped support for Android 4.3 and 4.4 + * Dropped support for OS X 10.10 + * Added support for macOS 10.14 + * It's now possible to transmit data from an Android smartphone + anomynously after successful authentication + * Extended the diagnostics functionality + * Added popup question to rate app on Android + * Added possibility to view logs on Android + * On Android, the app now clearly differentiates + between 5- and 6-digit PIN codes + * Removing the ID card while entering PIN/CAN/PUK will no longer + terminate the authentication or PIN changing process + * Added support for corporate-wide deployments of the MSI + package on Windows (separate documenation) + * Added support for a WebSocket SDK on Windows and macOS + (separate documentation) + * Concurrent access from different applications to card readers + which are connected through PC/SC is now possible + * Updated OpenSSL version to 1.1.1 + * Updated Qt version to 5.11.2 + * Dropped support for TLS v1.1 + * Dropped support for the following TLS ciphers: + - DHE-DSS-AES256-GCM-SHA384 + - DHE-DSS-AES256-SHA256 + - DHE-DSS-AES128-GCM-SHA256 + - DHE-DSS-AES128-SHA256 + - DHE-DSS-AES256-SHA + - DHE-DSS-AES128-SHA + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES256-SHA + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - DHE-RSA-AES128-SHA +- Drop patches merged upstream + + 0001-fix-desktop-menu-category.patch + + 0002-add-desktop-menu-generic-name.patch +- Refresh and renumber patches for new version + + 
0001-fix-resource-file-path.patch + + 0002-fix-translation-files-path.patch + + 0003-disable-auto-updater.patch + +------------------------------------------------------------------- +Thu Dec 27 16:23:41 UTC 2018 - John Paul Adrian Glaubitz + +- Add patch to disable auto updater + + 0005-disable-auto-updater.patch +- Rewrite Summary and %description in English + +------------------------------------------------------------------- +Sat Oct 27 13:46:27 UTC 2018 - John Paul Adrian Glaubitz + +- Initial build + + Version 1.14.3 diff --git a/AusweisApp.spec b/AusweisApp.spec new file mode 100644 index 0000000..a1aa5e9 --- /dev/null +++ b/AusweisApp.spec 
@@ -0,0 +1,100 @@
+#
+# spec file for package AusweisApp
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: AusweisApp
+Version: 2.2.2
+Release: 0
+Summary: Official authentication app for German ID cards and residence permits
+License: EUPL-1.2
+Group: Productivity/Security
+URL: https://www.ausweisapp.bund.de
+Source0: https://github.com/Governikus/AusweisApp2/archive/%{version}.tar.gz
+# PATCH-FIX-OPENSUSE - Enforce use of old OpenSSL API (bsc#1231686)
+Patch0: 0001-use-legacy-openssl-api.patch
+BuildRequires: cmake
+%if 0%{?suse_version} > 1500
+BuildRequires: gcc-c++
+%else
+BuildRequires: gcc11-c++
+%endif
+BuildRequires: fdupes
+BuildRequires: hicolor-icon-theme
+BuildRequires: libopenssl-devel
+BuildRequires: ninja
+BuildRequires: pcsc-lite-devel
+BuildRequires: pkgconfig
+BuildRequires: qt6-concurrent-devel
+BuildRequires: qt6-core-devel
+BuildRequires: qt6-core-private-devel
+BuildRequires: qt6-linguist-devel
+BuildRequires: qt6-network-devel
+BuildRequires: qt6-qml-devel
+BuildRequires: qt6-qmlworkerscript-devel
+BuildRequires: qt6-quick-devel
+BuildRequires: qt6-quickcontrols2-devel
+BuildRequires: qt6-shadertools-devel
+BuildRequires: qt6-statemachine-devel
+BuildRequires: qt6-svg-devel
+BuildRequires: qt6-websockets-devel
+BuildRequires: update-desktop-files
+BuildRequires: pkgconfig(libudev)
+Requires: libQt6Svg6
+Provides: AusweisApp2 = 2.0.0
+Obsoletes: AusweisApp2 < 2.0.0
+Requires: hicolor-icon-theme
+
+%description
+This app is developed and issued by the German government to be
+used for online authentication with electronic German ID cards
+and residence permits. To use this app, a supported RFID card
+reader or compatible NFC smart phone is required.
+
+%prep
+%setup -q -n %{name}-%{version}
+%patch -P0 -p1
+
+%build
+%if 0%{?suse_version} <= 1500
+export CC=gcc-11
+export CXX=g++-11
+%endif
+export CFLAGS="%{optflags} -fPIC"
+export CXXFLAGS="%{optflags} -fPIC"
+%define __builder ninja
+%cmake -DBUILD_SHARED_LIBS=OFF
+ninja
+
+%install
+%cmake_install
+
+%suse_update_desktop_file com.governikus.ausweisapp2 X-SuSE-DesktopUtility
+install -DTm644 %{_builddir}/%{name}-%{version}/resources/images/npa.png %{buildroot}/%{_datadir}/icons/hicolor/96x96/apps/AusweisApp.png
+
+%fdupes -s %{buildroot}/%{_prefix}
+
+%files
+%doc README.rst
+%license LICENSE.txt LICENSE.officially.txt
+%{_bindir}/%{name}
+%{_datadir}/%{name}
+%{_datadir}/metainfo
+%{_datadir}/applications/com.governikus.ausweisapp2.desktop
+%{_datadir}/icons/hicolor
+%{_mandir}/man1/%{name}.1%{?ext_man}
+
+%changelog
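Review bot: `Source0` points at GitHub's auto-generated `archive/%{version}.tar.gz` and the spec lists no detached signature or keyring, so nothing in the build ties the tarball to the upstream publisher. For an eID client that gap is worth closing. If upstream publishes a signature for its release tarballs (not visible from this hunk, please confirm), add it beside the tarball, for example `Source1: <upstream signature URL, placeholder>` and `Source2: %{name}.keyring`, so the signature is checked on every version bump. If no signature exists, a short comment above `Source0` saying how the tarball was verified would at least record the provenance.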